VIR Vulnerability Intelligence Relay

Package impact

python PyPI / praisonaiagents

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-44335 critical 9.8 9.8 20d ago PraisonAI has an SSRF bypass python
CVE-2026-44339 high 8.6 8.6 20d ago PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute python
CVE-2026-41496 high 8.1 8.1 20d ago PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315) python
CVE-2026-40289 unknown 2mo ago PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions python
CVE-2026-40288 unknown 2mo ago PraisonAI has critical RCE via `type: job` workflow YAML python
CVE-2026-40287 unknown 2mo ago PraisonAI Vulnerable to RCE via Automatic tools.py Import python
CVE-2026-40160 unknown 2mo ago PraisonAIAgents: SSRF via unvalidated URL in `web_crawl` httpx fallback python
CVE-2026-40152 unknown 2mo ago PraisonAIAgents: Path Traversal via Unvalidated Glob Pattern in list_files Bypasses Workspace Boundary python
CVE-2026-40153 unknown 2mo ago PraisonAIAgents: Environment Variable Secret Exfiltration via os.path.expandvars() Bypassing shell=False in Shell Tool python
CVE-2026-40150 unknown 2mo ago PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool python
CVE-2026-40117 unknown 2mo ago PraisonAIAgents: Arbitrary File Read via read_skill_file Missing Workspace Boundary and Approval Gate python
CVE-2026-40111 unknown 2mo ago PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor (memory/hooks.py) python
CVE-2026-39888 unknown 2mo ago PraisonAI has sandbox escape via exception frame traversal in `execute_code` (subprocess mode) python
CVE-2026-34954 unknown 2mo ago PraisonAI Has SSRF in FileTools.download_file() via Unvalidated URL python
CVE-2026-34937 unknown 2mo ago PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution python
CVE-2026-34938 unknown 2mo ago PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code python